Amplify Gen2でOIDCのURLを明示的に設定する
issuerUrlだけの指定ではタイムアウトなどで失敗する場合
下記のような形で、oidcではendpointsで各エンドポイントのURLを個別に指定できるぞ!忘れるな!
import { defineAuth,referenceAuth, secret } from '@aws-amplify/backend';
import { getOrCreateMe } from '../function/getOrCreateMe/resource';
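// Cognito user pool definition (Amplify Gen2): email sign-in plus one
// external OIDC identity provider with its endpoints pinned explicitly.
export const auth = defineAuth({
  loginWith: {
    email: true,
    externalProviders: {
      oidc: [
        {
          name: 'hogehogeOIDC',
          // Client credentials come from Amplify secrets; never inline them here.
          clientId: secret('HOGEHOGE_CLIENT_ID'),
          // Fixed: the original was missing the opening quote of the secret name,
          // which is a syntax error.
          clientSecret: secret('HOGEHOGE_CLIENT_SECRET'),
          issuerUrl: 'https://HOGEHOGE.example.com/',
          // IdP claim name -> Cognito attribute.
          attributeMapping: {
            email: 'email',
            emailVerified: 'email_verified',
            preferredUsername: 'name',
            gender: 'gender',
          },
          // offline_access asks the IdP for a refresh token; drop it if
          // long-lived sessions are not required.
          scopes: ['openid', 'profile', 'email', 'offline_access'],
          attributeRequestMethod: 'GET',
          // Endpoints given explicitly so sign-in does not depend on discovery
          // from issuerUrl (the case where discovery times out). All four are
          // full https URLs; the original listed token/authorization without a
          // scheme, inconsistent with userInfo/jwksUri.
          endpoints: {
            token: 'https://HOGEHOGE.example.com/token',
            authorization: 'https://HOGEHOGE.example.com/authorize',
            userInfo: 'https://HOGEHOGE.example.com/userinfo',
            jwksUri: 'https://HOGEHOGE.example.com/jwks',
          },
        },
      ],
      // The plain-http localhost entries exist for local development only;
      // the deployed origin is https.
      logoutUrls: [
        'http://localhost:3000/api/auth/sign-out-callback',
        'https://hogehoge.example.jp/api/auth/sign-out-callback',
      ],
      callbackUrls: [
        'http://localhost:3000/api/auth/sign-in-callback',
        'https://hogehoge.example.jp/api/auth/sign-in-callback',
      ],
    },
  },
  groups: ['admin'],
  userAttributes: {
    'custom:identityFlg': {
      dataType: 'String',
      mutable: true,
    },
  },
  // Grants the getOrCreateMe function only the getUser action on this pool
  // (least privilege: no write actions).
  access: (allow) => [allow.resource(getOrCreateMe).to(['getUser'])],
});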